BLOG
Sonar's latest blog posts
Building Confidence and Trust in AI-Generated Code
To tackle the accountability and ownership challenge accompanying AI-generated code, we are introducing Sonar AI Code Assurance
5 Clean Code Tips for Reducing Cognitive Complexity
Understanding how Cognitive Complexity works will help guide you on where to focus your time. This blog dives into how this Sonar-exclusive metric was formulated to accurately measure the relative understandability of methods.
Read article >
Remote Code Execution in Tutanota Desktop due to Code Flaw
Our Research team discovered critical code vulnerabilities in Proton Mail, Skiff, and Tutanota. This post covers an XSS vulnerability in Tutanota Desktop and how it can be prevented.
Read article >
The new JDK LTS is out! Long live JDK 21! Well, for the next 8 years.
Let's check what the new Java JDK21 LTS brings
Read blog post >
Enhancing Software Development Practices through SonarQube Server: A Path to Continuous Learning
With SonarQube Server, organizations can readily deploy workflows integrated directly into their pipelines to build on their teams’ skill sets and create resiliency to new risks.
Read article >
Typing your JavaScript without writing TypeScript
TypeScript already understands JavaScript, but you can get more out of it when you add types to your JavaScript with JSDoc or TypeScript declaration files
Read blog post >
Code Vulnerabilities Put Skiff Emails at Risk
Our Research team discovered critical code vulnerabilities in Proton Mail, Skiff, and Tutanota. This post covers the technical details of the XSS vulnerability in Skiff.
Read article >
Security Guy TV Interview - Going Deeper with SAST and Clean Code
Sonar CEO, Olivier Gaudin, and Head of Research and Development, Johannes Dahse, meet with Security Guy TV’s Chuck Harold to discuss deeper SAST and the importance of Clean Code.
Read article >
Get the benefits of TypeScript in your JavaScript
Let's dive into what you can do to get more and more of TypeScript's benefits in your JavaScript projects.
Read blog post >
Introducing SonarQube Server 10.2: Setting New Standards in Code Quality and Security
Discover the new features in SonarQube Server 10.2!
Read article >
Code Vulnerabilities Put Proton Mails at Risk
The Sonar Research team discovered critical code vulnerabilities in Proton Mail, Skiff and Tutanota. This post covers the technical details of the XSS vulnerability in Proton Mail.
Read article >
Playing Dominos with Moodle's Security (2/2)
Our security researchers recently discovered two critical vulnerabilities in Moodle that leverage the use of not impactful bugs.
Read article >